0

I have this PAM config in /etc/pam.d/crond:

auth required pam_env.so user_readenv=1

And this .pam_environment file:

_APP_PASSWORD DEFAULT=foo

And this test cronjob:

*/1 * * * * root env 2&>1 | logger -t debug_cron

I'm watching the logs with journalctl -f -t debug_cron and every minute or so several lines appear in the console with the vars, and I see the usual HOME, SHELL, etc., but I don't see the one I set in .pam_environment. Why is this? How can I make this work?

The server is running Fedora 34 64 bit.

arielnmz
  • 433
  • 1
  • 4
  • 13
  • Due to the way PAM works it is helpful to see the entire file. For example, if this **required** comes *after* a successful **sufficient**, it will not execute. – Aaron Copley May 13 '21 at 00:51
  • What you see is the entire PAM file, it just has that one line – arielnmz May 13 '21 at 19:01

0 Answers0